network monitoring software??

im not really sure if this type of software exists, but here is my plight.

im the "network administrator" (fresh out of college tech kid), at a medium sized company.

people on my network are going to questionable websites all the time(streaming video + radio), and using software that is not fit for the workplace(limewire + messaging clients). anyway the higher ups want me to be able to monitor and block what users on the network are doing. im assuming i need url blocking, and port blocking, plus a network usage monitor for each client on the network....

my setup is.....

win2003 domain controller ethernet to about 50 stations running xp pro.

what solution is best for me?


thanks in advance
.chris.
ccurcioAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sachinwadhwaCommented:
use Proxy

search for Microsoft ISA or WinProxy
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Italia_NYCCommented:
You have a few options.

As previously mentioned, a proxy server and/or Application-based firewall such as MS ISA Server would suffice your needs.

Also Websense (http://www.websense.com) will do the job quite well.

There are a plethora of hardware (and software) devices out there that will monitor web traffic and allow you to block sites at will. Do a little research, and you will find options a plenty.

 
0
iedenCommented:
ISA Proxy is a good start.

If your company wants a true IPS and the ability to block users from accessing certain sites and services think http://www.sourcefire.com

Another option is to use a product like LanDesk security suite. There are good rules and policy setting features there.

It depends on how crazy they want to get with money.

0
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

ccurcioAuthor Commented:

all these solutions seem good, but they do alot more than i need.

company wouldnt have any problem spending around $1500 on the software, but all i really need is to block certian websites, and ports over the network.

as far ISA is looking decent though like i said, it does way more than i want
0
Italia_NYCCommented:
Do you have any routers or firewalls in your organization?

You can create a few simple access-lists to block ports and websites. And it's free. =)
0
masnrockCommented:
Or you could look for something like WinProxy (http://www.winproxy.com) . But yeah, it's a pain in the neck that companies love tying together their products... makes it a little harder for you to put together a best of breed or a "best for me" package.

If you want something more hardware related, but I know couldn't be that cheap (or they wouldn't make money) would be a PacketShaper from Packeteer (http://www.packeteer.com).
0
Sebastien47136Commented:
Well I'm a Netware shop myself, but the product we use for blocking which is pretty effective is SurfControl (www.surfcontrol.com). It comes with a predefined database of sites that updates every day and you can add your own if you find that folks are getting around the monitor. It does require that you run your proxy though.

If you aren't doing that then you might want to look at getting Vericept (Vericept.com). Some other schools with more money have gone for that and are very happy with it.

I'd be interesting in finding your network traffic monitor as I'm looking for a good one for cheap as well.

Good luck.

0
nepostojeci_emailCommented:
Get a firewall no matter is it hardware or software firewall, it does matter
that you have one, so you can create a policies for the incoming/outgoing
packets. I recommend that you install a software firewall on a gateway
machine (the machine everybody is using to access the internet). You can
find out that doing "ipconfig" in a DOS prompt on any client's machine.
You'll get the result like this:

C:\>ipconfig
Windows IP Configuration
PPP adapter ADAPTERNAME:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 82.208.195.51
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 82.208.195.51

the line "Default Gateway . . . . . . . . . : 82.208.195.51" is the one you need.

Also, you may find useful some network packets analyzers, like:

CommView
http://www.tamos.com/download/main/index.php

EtherDetect
http://www.etherdetect.com/download.htm

which will help you when you have some sort of traffic that you cannot
check/control under firewall, including all TCP/UDP/ICMP/etc. packets.
0
masnrockCommented:
Is there a policy in place against inappropriate computer usage already? If not, you may want to look into that. That's the first thing... make sure the rules are in place to leave you open to monitoring and whatnot.

But then with something like your filter or your packet analyzer, you can actually start figuring out WHO is doing it, then trace it back to them.
0
iedenCommented:
This is a checklist of 10 ways to monitor what your users are doing with company computers.

http://techrepublic.com.com/5138-1009-6029395.html?tag=nl.e138

Registration is free too.

The document is a pdf and has links to other free resources as well.
0
mianniCommented:
If you have an old box lying around why not try downloading "clark connect" software.
It has loads of functions, Firewall based on iptables, squid for proxy, dansguardian as content filter, snortsam for IDS.

They have a free trial version or home version, but for a corporation you should purchase it if you like it as it is very reasonably priced.
Extremely easy to use and configure www.clarkconnect.com.
0
mh144831Commented:
I would take a look at PRTG Traffic Grapher.

www.paessler.com

This program comes complete with a packet sniffer which when setup will enable you to see where the main offenders are and what ports to block to stop them doing it.

You could then buy a firewall/application layer or tie down there machines to prevent them doing this.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.